Provide Admin Consent for DKE Service

The DKE Web Service is registered in the Securosys Microsoft Tenant.
As the App Registration is outside your Tenant Organization you must provide admin consent for the Enterprise application.

More information about why admin consent is required is explained in the DKE - Knowledge Base.

Create Consent URL

To provide consent replace organization-id and azure-client-id in the following Consent URL and execute it in a browser.

Consent URL: (Template)

https://login.microsoftonline.com/<organization-id>/adminconsent?client_id=<azure-dke-client-id>

• organization-id
  • Microsoft AAD - Tenant Properties
  • Copy Tenant ID
  • Replace <organization-id> with the clipboard Tenant ID (uuid)
• azure-dke-client-id
  • Open DKE Web Service
  • Click Actions on your DKE Web Service (App)
  • Click Edit
  • Click Next to reach the Your Service API section
  • Copy Azure DKE Client Id
  • Replace <azure-dke-client-id> with the clipboard Azure DKE Client Id (uuid)

Execute the Consent URL in the Browser

Sample URL (do not use this): https://login.microsoftonline.com/6c75641c-0efa-4412-842a-7a6bb552cbe1/adminconsent?client_id=10a01fea-6426-403d-af39-c1543c22bdf9

• You should see the Consent Screen for your DKE Web Service.
• Click Accept

note

After clicking Accept in the consent screen of your browser you will be redirected to the Securosys365 - Cockpit Login screen, ignore that and continue this guide

Review Consent (optional)

The admin consent gets now visible in your Tenant under Enterprise Applications

• Search by your DKE Web Service name

Additional Information

• More information about required Graph API Permissions is available in the DKE - Knowledge Base.
• More information about why Admin Consent is required is explained in the DKE - Knowledge Base.

What's Next

• Next, setup the Sensitivity Label in Microsoft Purview Information Protection.